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2 Patterns of Proof 



2.1 The Axiomatic Method 

The standard procedure for establishing truth in mathematics was invented by Eu- 
clid, a mathematician working in Alexandria, Egypt around 300 BC. His idea was 
to begin with five assumptions about geometry, which seemed undeniable based on 
direct experience. For example, one of the assumptions was "There is a straight 
Une segment between every pair of points." Propositions like these that are simply 
accepted as true are called axioms. 

Starting from these axioms, Euclid established the truth of many additional propo- 
sitions by providing "proofs". A proof is a sequence of logical deductions from 
axioms and previously-proved statements that concludes with the proposition in 
question. You probably wrote many proofs in high school geometry class, and 
you'll see a lot more in this course. 

There are several common terms for a proposition that has been proved. The 
different terms hint at the role of the proposition within a larger body of work. 

• Important propositions are called theorems. 

• A lemma is a preliminary proposition useful for proving later propositions. 

• A corollary is a proposition that follows in just a few logical steps from a 
lemma or a theorem. 

The definitions are not precise. In fact, sometimes a good lemma turns out to be far 
more important than the theorem it was originally used to prove. 

Euchd's axiom-and-proof approach, now called the axiomatic method, is the 
foundation for mathematics today. In fact, just a handful of axioms, collectively 
called Zermelo-Frankel Set Theory with Choice (ZFC), together with a few logical 
deduction rules, appear to be sufficient to derive essentially all of mathematics. 

2.1.1 Our Axioms 

The ZFC axioms are important in studying and justifying the foundations of math- 
ematics, but for practical purposes, they are much too primitive. Proving theorems 
in ZFC is a little like writing programs in byte code instead of a full-fledged pro- 
gramming language — by one reckoning, a formal proof in ZFC that 2 -|- 2 = 4 
requires more than 20,000 steps! So instead of starting with ZFC, we're going to 
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Chapter 2 Patterns of Proof 

take a huge set of axioms as our foundation: we'll accept all familiar facts from 
high school math! 

This will give us a quick launch, but you may find this imprecise specification of 
the axioms troubling at times. For example, in the midst of a proof, you may find 
yourself wondering, "Must I prove this little fact or can I take it as an axiom?" Feel 
free to ask for guidance, but really there is no absolute answer. Just be up front 
about what you're assuming, and don't try to evade homework and exam problems 
by declaring everything an axiom! 

2.1.2 Logical Deductions 

Logical deductions or inference rules are used to prove new propositions using 
previously proved ones. 

A fundamental inference rule is modus ponens. This rule says that a proof of P 
together with a proof that P implies 2 is a proof of Q. 

Inference rules are sometimes written in a funny notation. For example, modus 
ponens is written: 



When the statements above the line, called the antecedents, are proved, then we 
can consider the statement below the line, called the conclusion or consequent, to 
also be proved. 

A key requirement of an inference rule is that it must be sound: any assignment 
of truth values that makes all the antecedents true must also make the consequent 
true. So if we start off with true axioms and apply sound inference rules, everything 
we prove will also be true. 

You can see why modus ponens is a sound inference rule by checking the truth 
table of P IMPLIES Q. There is only one case where P and P implies Q are 
both true, and in that case Q is also true. 



Rule 2.1.1. 



P, P implies Q 



Q 



P Q 
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There are many other natural, sound inference rules, for example: 
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2. 1. The Axiomatic Method 
Rule 2.1.2. 

P IMPLIES Q, Q IMPLIES R 
P IMPLIES R 

Rule 2.1.3. 

P IMPLIES Q, NOT(Q) 
NOT(P) 

Rule 2.1.4. 

NOT(P) implies NOT(g) 

Q implies P 

On the other hand, 
Non-Rule. 

NOT(P) implies NOT(g) 
P IMPLIES Q 

is not sound: if P is assigned T and Q is assigned F, then the antecedent is true 
and the consequent is not. 

Note that a propositional inference rule is sound precisely when the conjunction 
(AND) of all its antecedents implies its consequent. 

As with axioms, we will not be too formal about the set of legal inference rules. 
Each step in a proof should be clear and "logical"; in particular, you should state 
what previously proved facts are used to derive each new conclusion. 

2.1.3 Proof Templates 

In principle, a proof can be any sequence of logical deductions from axioms and 
previously proved statements that concludes with the proposition in question. This 
freedom in constructing a proof can seem overwhelming at first. How do you even 
start a proof? 

Here's the good news: many proofs follow one of a handful of standard tem- 
plates. Each proof has it own details, of course, but these templates at least provide 
you with an outline to fill in. In the remainder of this chapter, we'll go through 
several of these standard patterns, pointing out the basic idea and common pitfalls 
and giving some examples. Many of these templates fit together; one may give you 
a top-level outline while others help you at the next level of detail. And we'll show 
you other, more sophisticated proof techniques in Chapter 3. 

The recipes that follow are very specific at times, telling you exactly which words 
to write down on your piece of paper. You're certainly free to say things your own 
way instead; we're just giving you something you could say so that you're never at 
a complete loss. 
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2.2 Proof by Cases 

Breaking a complicated proof into cases and proving each case separately is a use- 
ful and common proof strategy. In fact, we have already implicitly used this strategy 
when we used truth tables to show that certain propositions were true or valid. For 
example, in section 1.1.5, we showed that an implication P IMPLIES Q is equiv- 
alent to its contrapositive NOT(g) IMPLIES NOT(P) by considering all 4 possible 
assignments of T or F to P and Q. In each of the four cases, we showed that 
P IMPLIES Q is true if and only if NOT(g) IMPLIES NOT(P) is true. For exam- 
ple, if P = T and Q =F, then both P IMPLIES Q and NOT(g) IMPLIES NOT(P) 
are false, thereby estabhshing that (P IMPLIES g)lFF(NOT(g) IMPLIES NOT(P)) 
is true for this case. If a proposition is true in every possible case, then it is true. 

Proof by cases works in much more general environments than propositions in- 
volving Boolean variables. In what follows, we will use this approach to prove a 
simple fact about acquaintances. As background, we will assume that for any pair 
of people, either they have met or not. If every pair of people in a group has met, 
we'll call the group a club. If every pair of people in a group has not met, we'll call 
it a group of strangers. 

Theorem. Every collection of 6 people includes a club of 3 people or a group of 3 
strangers. 

Proof. The proof is by case analysis^ Let x denote one of the six people. There 
are two cases: 

1. Among the other 5 people besides x, at least 3 have met x. 

2. Among the other 5 people, at least 3 have not met x. 

Now we have to be sure that at least one of these two cases must hold,^ but that's 
easy: we've split the 5 people into two groups, those who have shaken hands with 
X and those who have not, so one of the groups must have at least half the people. 

Case 1: Suppose that at least 3 people have met x. 

This case splits into two subcases: 

^Describing your approach at the outset helps orient the reader. Try to remember to always do 
this. 

^Part of a case analysis argument is showing that you've covered all the cases. Often this is 
obvious, because the two cases are of the form "P" and "not P". However, the situation above is not 
stated quite so simply. 
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Case 1.1: Among the people who have met x, none have met each 
other. Then the people who have met x are a group of at least 3 
strangers. So the Theorem holds in this subcase. 

Case 1.2: Among the people who have met x, some pair have met 
each other. Then that pair, together with x, form a club of 3 people. 
So the Theorem holds in this subcase. 

This implies that the Theorem holds in Case 1 . 

Case 2: Suppose that at least 3 people have not met x. 
This case also splits into two subcases: 

Case 2.1: Among the people who have not met x, every pair has met 
each other. Then the people who have not met x are a club of at least 
3 people. So the Theorem holds in this subcase. 

Case 2.2: Among the people who have not met x, some pair have not 
met each other. Then that pair, together with x, form a group of at least 
3 strangers. So the Theorem holds in this subcase. 

This implies that the Theorem also holds in Case 2, and therefore holds in all cases. 



2.3 Proving an Implication 

Propositions of the form "If P, then Q" are called implications. This implication 
is often rephrased as "P implies Q" or "P — > Q". 
Here are some examples of implications: 

• (Quadratic Formula) If ax^ + bx + c = and a 7^ 0, then 

-b ± Vft2 - 4ac 



• (Goldbach's Conjecture) If n is an even integer greater than 2, then n is a 
sum of two primes. 

• If < X < 2, then -x^ + 4x + 1 > 0. 

There are a couple of standard methods for proving an implication. 
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2.3.1 Method #1: Assume P is true 

When proving P IMPLIES Q, there are two cases to consider: P is true and P is 
false. The case when P is false is easy since, by definition, F IMPLIES Q is true 
no matter what Q is. This case is so easy that we usually just forget about it and 
start right off by assuming that P is true when proving an implication, since this is 
the only case that is interesting. Hence, in order to prove that P implies Q : 

1. Write, "Assume P." 

2. Show that Q logically follows. 

For example, we will use this method to prove 
Theorem 2.3.1. If0<x<2, then -x^ + 4x + 1 > 0. 

Before we write a proof of this theorem, we have to do some scratchwork to 
figure out why it is true. 

The inequality certainly holds for x = 0; then the left side is equal to 1 and 
1 > 0. As X grows, the Ax term (which is positive) initially seems to have greater 
magnitude than —x^ (which is negative). For example, when x — 1, we have 
Ax = 4, but —x^ = — 1. In fact, it looks like — doesn't begin to dominate 4x 
until X > 2. So it seems the —x'^ + 4x part should be nonnegative for all x between 
and 2, which would imply that — x^ + 4x + 1 is positive. 

So far, so good. But we still have to replace all those "seems like" phrases with 
solid, logical arguments. We can get a better handle on the critical — x^ + 4x part 
by factoring it, which is not too hard: 

-x^ + 4x = x(2 - x)(2 + x) 

Aha! For x between and 2, all of the terms on the right side are nonnegative. And 
a product of nonnegative terms is also nonnegative. Let's organize this bUzzard of 
observations into a clean proof. 

Proof. Assume < x < 2. Then x, 2— x, and 2+x are all nonnegative. Therefore, 
the product of these terms is also nonnegative. Adding 1 to this product gives a 
positive number, so: 

x(2- x)(2 + x) + 1 > 
Multiplying out on the left side proves that 

-x^ + 4x + 1 > 



as claimed. 
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There are a couple points here that apply to all proofs: 

• You'll often need to do some scratchwork while you're trying to figure out 
the logical steps of a proof. Your scratchwork can be as disorganized as you 
like — full of dead-ends, strange diagrams, obscene words, whatever. But 
keep your scratchwork separate from your final proof, which should be clear 
and concise. 

• Proofs typically begin with the word "Proof" and end with some sort of 
doohickey Hke □ or ■ or "q.e.d". The only purpose for these conventions is 
to clarify where proofs begin and end. 

Potential PitfaU 

For the purpose of proving an imphcation P IMPLIES Q, it's OK, and typical, to 
begin by assuming P . But when the proof is over, it's no longer OK to assume that 
P holds! For example. Theorem 2.3.1 has the form "if P , then Q" with P being 
"0 < X < 2" and Q being "— + 4x + 1 > 0," and its proof began by assuming 
that < X < 2. But of course this assumption does not always hold. Indeed, if 
you were going to prove another result using the variable x, it could be disastrous 
to have a step where you assume that < x < 2 just because you assumed it as 
part of the proof of Theorem 2.3.1. 

2.3.2 Method #2: Prove the Contrapositive 

We have already seen that an imphcation "P implies g" is logically equivalent 
to its contrapositive 

NOT(g) IMPLIES NOT(P). 

Proving one is as good as proving the other, and proving the contrapositive is some- 
times easier than proving the original statement. Hence, you can proceed as fol- 
lows: 

1. Write, "We prove the contrapositive:" and then state the contrapositive. 

2. Proceed as in Method #1 . 

For example, we can use this approach to prove 

Theorem 2.3.2. Ifr is irrational, then s/r is also irrational. 

Recall that rational numbers are equal to a ratio of integers and irrational num- 
bers are not. So we must show that if r is not a ratio of integers, then is also 
not a ratio of integers. That's pretty convoluted! We can eliminate both not's and 
make the proof straightforward by considering the contrapositive instead. 
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Proof. We prove the contrapositive: if ^ is rational, then r is rational. 
Assume that -y/r is rational. Then there exist integers a and b such that: 




Squaring both sides gives: 

Since and are integers, r is also rational. ■ 



2.4 Proving an "If and Only If 

Many mathematical theorems assert that two statements are logically equivalent; 
that is, one holds if and only if the other does. Here is an example that has been 
known for several thousand years: 

Two triangles have the same side lengths if and only if two side lengths 
and the angle between those sides are the same in each triangle. 

The phrase "if and only if" comes up so often that it is often abbreviated "iff". 

2.4.1 Method #1: Prove Each Statement Implies the Other 

The statement "P iff Q" is equivalent to the two statements "P IMPLIES Q" and 
"2 IMPLIES P". So you can prove an "iff" by proving two implications: 

1 . Write, "We prove P implies Q and vice- versa." 

2. Write, "First, we show P imphes Q." Do this by one of the methods in 
Section 2.3. 

3. Write, "Now, we show Q implies P." Again, do this by one of the methods 
in Section 2.3. 

2.4.2 Method #2: Construct a Chain of iffs 

In order to prove that P is true iff Q is true: 

1. Write, "We construct a chain of if-and-only-if implications." 

2. Prove P is equivalent to a second statement which is equivalent to a third 
statement and so forth until you reach Q . 
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This method sometimes requires more ingenuity than the first, but the result can be 
a short, elegant proof, as we see in the following example. 

Theorem 2.4.1. The standard deviation of a sequence of values xi, . . . ,Xn is zero 
iff all the values are equal to the mean. 

Definition. The standard deviation of a sequence of values xi, X2, Xn is de- 
fined to be: 

/ (xi - fiy + (X2 - + ■ ■ ■ + (Xn - ^^^^ 

V n 
where /jl is the mean of the values: 

Xl+ X2-{ \- x„ 

n 

As an example, Theorem 2.4. 1 says that the standard deviation of test scores is 
zero if and only if everyone scored exactly the class average. (We will talk a lot 
more about means and standard deviations in Part IV of the book.) 

Proof. We construct a chain of "iff" implications, starting with the statement that 
the standard deviation (2.1) is zero: 



/ (xi-/z)2 + (x2-M)^ + --- + (Xn-/z)2 ^^^^ 

V n 

Since zero is the only number whose square root is zero, equation (2.2) holds iff 

(xi - iif- + (X2 - /i)^ + • • • + (x„ - iif = 0. (2.3) 

Squares of real numbers are always nonnegative, and so every term on the left hand 
side of equation (2.3) is nonnegative. This means that (2.3) holds iff 

Every term on the left hand side of (2.3) is zero. (2.4) 

But a term (xj — /i)^ is zero iff x,- = //,, so (2.4) is true iff 

Every x, equals the mean. 
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2.5 Proof by Contradiction 

In a proof by contradiction or indirect proof, you show that if a proposition were 
false, then some false fact would be true. Since a false fact can't be true, the propo- 
sition had better not be false. That is, the proposition really must be true. 

Proof by contradiction is always a viable approach. However, as the name sug- 
gests, indirect proofs can be a little convoluted. So direct proofs are generally 
preferable as a matter of clarity. 

Method: In order to prove a proposition P by contradiction: 

1 . Write, "We use proof by contradiction." 

2. Write, "Suppose P is false." 

3. Deduce something known to be false (a logical contradiction). 

4. Write, "This is a contradiction. Therefore, P must be true." 

As an example, we will use proof by contradiction to prove that V2 is irrational. 
Recall that a number is rational if it is equal to a ratio of integers. For example, 
3.5 = 7/2and 0.1111 ••• = 1/9 are rational numbers. 

Theorem 2.5.1. \/2 is irrational. 

Proof. We use proof by contradiction. Suppose the claim is false; that is, -s/2 is 
rational. Then we can write y/l as a fraction n/d where n and d are positive 
integers. Furthermore, let's take n and d so that n j d is in lowest terms (that is, so 
that there is no number greater than 1 that divides both n and d). 

Squaring both sides gives 2 = n^/d^ and so 2d^ = n^. This implies that « is a 
multiple of 2. Therefore «^ must be a multiple of 4. But since 2 = we know 
2d is a multiple of 4 and so t/'^ is a multiple of 2. This implies that d isa multiple 
of 2. 

So the numerator and denominator have 2 as a common factor, which contradicts 
the fact that n/d is in lowest terms. So \/2 must be irrational. ■ 

Potential PitfaU 

A proof of a proposition P by contradiction is really the same as proving the impli- 
cation T IMPLIES P by contrapositive. Indeed, the contrapositive of T implies P 
is NOT(P) implies F. As we saw in Section 2.3.2, such a proof would be begin 
by assuming NOT(P) in an effort to derive a falsehood, just as you do in a proof by 
contradiction. 
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No matter how you think about it, it is important to remember that when you 
start by assuming NOT(P), you will derive conclusions along the way that are not 
necessarily true. (Indeed, the whole point of the method is to derive a falsehood.) 
This means that you cannot rely on intermediate results after a proof by contradic- 
tion is completed (for example, that n is even after the proof of Theorem 2.5.1). 
There was not much risk of that happening in the proof of Theorem 2.5.1, but when 
you are doing more complicated proofs that build up from several lemmas, some of 
which utihze a proof by contradiction, it will be important to keep track of which 
propositions only follow from a (false) assumption in a proof by contradiction. 



2.6 Proofs about Sets 

Sets are simple, flexible, and everywhere. You will find some set mentioned in 
nearly every section of this text. In fact, we have already talked about a lot of sets: 
the set of integers, the set of real numbers, and the set of positive even numbers, to 
name a few. 

In this section, we'll see how to prove basic facts about sets. We'll start with 
some definitions just to make sure that you know the terminology and that you are 
comfortable working with sets. 

2.6.1 Definitions 

Informally, a set is a bunch of objects, which are called the elements of the set. 
The elements of a set can be just about anything: numbers, points in space, or even 
other sets. The conventional way to write down a set is to list the elements inside 
curly-braces. For example, here are some sets: 

A = {Alex, Tippy, Shells, Shadow} dead pets 

B = {red, blue, yellow} primary colors 

C = {{a,b},{a,c},{b.c}} a set of sets 

This works fine for small finite sets. Other sets might be defined by indicating how 
to generate a list of them: 

Z) = {1,2,4,8, 16,...} the powers of 2 

The order of elements is not significant, so {x, y} and {y, x} are the same set 
written two different ways. Also, any object is, or is not, an element of a given 
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set — there is no notion of an element appearing more than once in a set.^ So writ- 
ing {x,x} is just indicating the same thing twice, namely, that x is in the set. In 
particular, {x,x} = {x}. 

The expression e s S asserts that e is an element of set S. For example, 32 € D 
and blue e B , but Tailspin ^ A — yet. 

Some Popular Sets 

Mathematicians have devised special symbols to represent some common sets, 
symbol set elements 



the empty set none 

N nonnegative integers {0, 1, 2, 3, . . .} 

Z integers {...,-3,-2,-1,0,1,2,3,...} 

Q rational numbers |, — |, 16, etc. 

R real numbers tz, e, —9, V2, etc. 

C complex numbers z, ^Jl — li, etc. 



A superscript restricts a set to its positive elements; for example, R"*" denotes 
the set of positive real numbers. Similarly, M~ denotes the set of negative reals. 

Comparing and Combining Sets 

The expression 5 c r indicates that set S is a subset of set T , which means that 
every element of 5* is also an element of T (it could be that S = T). For example, 
N c Z and Q ^ M (every rational number is a real number), but C ^ Z (not every 
complex number is an integer). 

As a memory trick, notice that the c points to the smaller set, just like a < sign 
points to the smaller number. Actually, this connection goes a little further: there 
is a symbol C analogous to <. Thus, S C T means that 5* is a subset of T, but the 
two are not equal. So ^ c ^, but A A, for every set A. 

There are several ways to combine sets. Let's define a couple of sets for use in 
examples: 

X ::= {1,2,3} 
Y ::= {2,3,4} 

• The union of sets X and Y (denoted X U Y) contains all elements appearing 
in X or F or both. Thus, XU7 = {1,2,3,4}. 

^It's not hard to develop a notion of multisets in wliich elements can occur more than once, but 
multisets are not ordinary sets. 
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• The intersection of X and Y (denoted Z n F) consists of all elements that 
appear in both X and F. So X n F = {2, 3}. 

• The set difference of X and F (denoted X — Y) consists of all elements that 
are in X, but not in F. Therefore, X-F = {l}andF-X = {4}. 

The Complement of a Set 

Sometimes we are focused on a particular domain, D. Then for any subset, A, of 
D, we define A to be the set of all elements of D not in A. That is, A ::= D — A. 
The set A is called the complement of A. 

For example, when the domain we're working with is the real numbers, the com- 
plement of the positive real numbers is the set of negative real numbers together 

with zero. That is, 

M+ = M~ U {0}. 

It can be helpful to rephrase properties of sets using complements. For example, 
two sets, A and B, are said to be disjoint iff they have no elements in common, that 
is, ^ n = 0. This is the same as saying that ^ is a subset of the complement of 
B, that is, ^ C B. 

Cardinality 

The cardinality of a set A is the number of elements in A and is denoted by |^|. 
For example, 

|0| = o, 

|{1,2,4}| = 3, and 
|N| is infinite. 

The Power Set 

The set of all the subsets of a set, A, is called the power set, V(A), of A. So 
B e V{A) iff B <z A. For example, the elements of 7^({1, 2}) are 0, {1}, {2} and 
{1,2}. 

More generally, if A has n elements, then there are 2" sets in V{A). In other 
words, if A is finite, then 1^(^)1 = 2l"^L For this reason, some authors use the 
notation 2"* instead of ViA) to denote the power set of A. 

Sequences 

Sets provide one way to group a collection of objects. Another way is in a se- 
quence, which is a list of objects called terms or components. Short sequences 



13 



"mcs-ftr' — 2010/9/8 — 0:40 — page 36 — #42 



Chapter 2 Patterns of Proof 

are commonly described by listing the elements between parentheses; for example, 

{a, h, c) is a sequence with three terms. 

While both sets and sequences perform a gathering role, there are several differ- 
ences. 

• The elements of a set are required to be distinct, but terms in a sequence can 
be the same. Thus, (a,b, a) is a valid sequence of length three, but {a, b, a} 
is a set with two elements — not three. 

• The terms in a sequence have a specified order, but the elements of a set do 
not. For example, (a,b, c) and (a, c, b) are different sequences, but {a,b, c} 
and {a,c,b} are the same set. 

• Texts differ on notation for the empty sequence; we use X for the empty 
sequence and for the empty set. 

Cross Products 

The product operation is one link between sets and sequences. A product of sets, 
S'l X S2 X ■ ■ • X S„, is a new set consisting of all sequences where the first component 
is drawn from 5*1, the second from 5*2, and so forth. For example, N x {a.Z?} is 
the set of all pairs whose first element is a nonnegative integer and whose second 
element is an a or a Z?: 

N x {a, b} = {(0, a), (0, b), (1, a), (1,6), (2, a), (2, b),...} 

A product of n copies of a set S is denoted 5". For example, {0, 1}^ is the set of 
all 3-bit sequences: 

{0,1}3 = {(0,0,0), (0,0, 1), (0,1,0), (0,1,1), (1,0,0), (1,0,1), (1,1,0), (1,1,1)} 
2.6.2 Set Builder Notation 

An important use of predicates is in set builder notation. We'll often want to talk 
about sets that cannot be described very well by listing the elements expUcitly or 
by taking unions, intersections, etc., of easily-described sets. Set builder notation 
often comes to the rescue. The idea is to define a set using a predicate; in particular, 
the set consists of all values that make the predicate true. Here are some examples 
of set builder notation: 

A ::= {« € N I n is a prime and n = 4k+lfoT some integer k} 

B ::={x eR\ -3x + 1 >0} 

C ::= {a + bi eC\a^ + 2b^ < 1} 

The set A consists of all nonnegative integers n for which the predicate 
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"« is a prime and n = 4k + lfoT some integer k" 

is true. Thus, the smallest elements of A are: 

5,13,17, 29, 37,41,53,57,61,73 

Trying to indicate the set A by listing these first few elements wouldn't work very 
well; even after ten terms, the pattern is not obvious! Similarly, the set B consists 
of all real numbers x for which the predicate 

- 3x + 1 > 

is true. In this case, an explicit description of the set B in terms of intervals would 
require solving a cubic equation. Finally, set C consists of all complex numbers 
a + bi such that: 

This is an oval-shaped region around the origin in the complex plane. 
2.6.3 Proving Set Equalities 

Two sets are defined to be equal if they contain the same elements. That is, X — Y 
means that z e X if and only if z e 7, for all elements, z. (This is actually the first 
of the ZFC axioms.) So set equahties can often be formulated and proved as "iff' 
theorems. For example: 

Theorem 2.6.1 (Distributive Law for Sets). Let A, B, and C be sets. Then: 

A(^ {B U C) = {Af\ B)U {A^C) (2.5) 

Proof. The equality (2.5) is equivalent to the assertion that 

z eAi^{BUC) iff z e{AP^B)l}{APiC) (2.6) 

for all z. This assertion looks very similar to the Distributive Law for AND and 
OR that we proved in Section 1.4 (equation 1.6). Namely, if P, Q, and R are 
propositions, then 

[P AND (Q OR R)] IFF [(P AND Q) OR (P AND R)] (2.7) 

Using this fact, we can now prove (2.6) by a chain of iff 's: 

z € Ar\(BUC) 

iff (z € A) AND (z € BUG) (def of n) 

iff (z € A) AND (z e 5 OR z € C) (def of U) 

iff (z e A AND z € 5) OR (z e ^ AND z € C) (equation 2.7) 

iff (z e ^ n B) OR (z e ^ n C) (def of n) 

iff z € (An B)U (AnC) (def of U) ■ 
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Many other set equalities can be derived from other valid propositions and proved 
in an analogous manner. In particular, propositions such as P, g and R are re- 
placed with sets such d& A, B, and C, AND (A) is replaced with intersection (fl), 
OR (v) is replaced with union (U), NOT is replaced with complement (for example, 
P would become A), and iff becomes set equaUty (=). Of course, you should 
always check that any alleged set equality derived in this manner is indeed true. 

2.6.4 Russell's Paradox and the Logic of Sets 

Reasoning naively about sets can sometimes be tricky. In fact, one of the earliest at- 
tempts to come up with precise axioms for sets by a late nineteenth century logician 
named Gotlob Frege was shot down by a three line argument known as Russell's 
Paradox^ This was an astonishing blow to efforts to provide an axiomatic founda- 
tion for mathematics. 

Russell's Paradox 

Let S be a variable ranging over all sets, and define 

W::={S \ S ^S). 

So by definition, for any set S, 

s ewms ^S. 

In particular, we can let SbeW, and obtain the contradictory result that 

A way out of the paradox was clear to Russell and others at the time: it's unjus- 
tified to assume that W is a set. So the step in the proof where we let 5 be IF has 
no justification, because S ranges over sets, and W may not be a set. In fact, the 
paradox implies that W had better not be a set! 

But denying that IF is a set means we must reject the very natural axiom that 
every mathematically well-defined collection of elements is actually a set. So the 
problem faced by Frege, Russell and their colleagues was how to specify which 

^Bertrand Russell was a mathematician/logician at Cambridge University at the turn of the Twen- 
tieth Century. He reported that when he felt too old to do mathematics, he began to study and write 
about philosophy, and when he was no longer smart enough to do philosophy, he began writing about 
politics. He was jailed as a conscientious objector during World War I. For his extensive philosophical 
and political writing, he won a Nobel Prize for Literature. 
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well-defined collections are sets. Russell and his fellow Cambridge University col- 
league Whitehead immediately went to work on this problem. They spent a dozen 
years developing a huge new axiom system in an even huger monograph called 
Principia Mathematica. 

Over time, more efficient axiom systems were developed and today, it is gen- 
erally agreed that, using some simple logical deduction rules, essentially all of 
mathematics can be derived from the Axioms of Zermelo-Frankel Set Theory with 
Choice (ZFC). We are not going to be working with these axioms in this course, 
but just in case you are interested, we have included them as a sidebar below. 

The ZFC axioms avoid Russell's Paradox because they imply that no set is ever 
a member of itself. Unfortunately, this does not necessarily mean that there are not 
other paradoxes lurking around out there, just waiting to be uncovered by future 
mathematicians. 




ZFC Axioms 




Extensionality . Two sets are equal if they have the same members. In formal log- 
ical notation, this would be stated as: 




(Vz. (z e X IFF z e y)) IMPLIES X = y. 




Pairing. For any two sets x and y, there is a set, {x, j}, with x and y as its only 
elements: 

Vx, y. 3m. Vz. [z e m IFF (z = x OR z = y)] 




Union. The union, m, of a collection, z, of sets is also a set: 




Vz. 3m Vx. (3y. X e _y and j e z) iff x e u. 




Infinity. There is an infinite set. Specifically, there is a nonempty set, x, such that 
for any set j € x, the set {y} is also a member of x. 




Subset. Given any set, x, and any proposition P{y), there is a set containing pre- 
cisely those elements j e x for which P{y) holds. 




Power Set. All the subsets of a set form another set: 




Vx. 3/). Vm. m c X iff m € p. 




Replacement. Suppose a formula, (f), of set theory defines the graph of a function, 
that is, 

Vx, y, z. [0(x, y) and 4>{x, z)] implies y — z. 
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Then the image of any set, s, under that function is also a set, t. Namely, 




V5 3t Vj. [3x. 4>{X, j) IFF J € t\. 




Foundation. There cannot be an infinite sequence 




••• e Xn € ••• € X\ € Xq 




of sets each of which is a member of the previous one. This is equivalent 
to saying every nonempty set has a "member-minimal" element. Namely, 
define 




iiiciiiuci-iiiiiiiiiian^m , .. — [/At t X AINU 1 y t x.y 5c aa/j. 




Then the Foundation axiom is 




Vx. X IMPLIES 3w. member-minimal (m, x). 




Choice. Given a set, s, whose members are nonempty sets no two of which have 
any element in common, then there is a set, c, consisting of exactly one 
element from each set in j. 




^jVzVu; ((z e w AND u; e x) implies 

3i;3M(3r((M e iDAND w ^t) and(u e t and t e y)) 

IFFM = V)) 


2.7 Good Proofs in Practice 


One purpose of a proof is to establish the truth of an assertion with absolute cer- 
tainty. Mechanically checkable proofs of enormous length or complexity can ac- 
complish this. But humanly intelUgible proofs are the only ones that help someone 
understand the subject. Mathematicians generally agree that important mathemati- 
cal results can't be fully understood until their proofs are understood. That is why 
proofs are an important part of the curriculum. 

To be understandable and helpful, more is required of a proof than just logical 
correctness: a good proof must also be clear. Correctness and clarity usually go 
together; a well-written proof is more likely to be a correct proof, since mistakes 
are harder to hide. 
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In practice, the notion of proof is a moving target. Proofs in a professional 
research journal are generally unintelligible to all but a few experts who know all 
the terminology and prior results used in the proof. Conversely, proofs in the first 
weeks of an introductory course like Mathematics for Computer Science would be 
regarded as tediously long-winded by a professional mathematician. In fact, what 
we accept as a good proof later in the term will be different than what we consider 
to be a good proof in the first couple of weeks of this course. But even so, we can 
offer some general tips on writing good proofs: 

State your game plan. A good proof begins by explaining the general line of rea- 
soning. For example, "We use case analysis" or "We argue by contradiction." 

Keep a linear flow. Sometimes proofs are written like mathematical mosaics, with 
juicy tidbits of independent reasoning sprinkled throughout. This is not good. 
The steps of an argument should follow one another in an intelligible order. 

A proof is an essay, not a calculation. Many students initially write proofs the way 
they compute integrals. The result is a long sequence of expressions without 
explanation, making it very hard to follow. This is bad. A good proof usually 
looks like an essay with some equations thrown in. Use complete sentences. 

Avoid excessive symbolism. Your reader is probably good at understanding words, 
but much less skilled at reading arcane mathematical symbols. So use words 
where you reasonably can. 

Revise and simplify. Your readers will be grateful. 

Introduce notation thoughtfully. Sometimes an argument can be greatly simpli- 
fied by introducing a variable, devising a special notation, or defining a new 
term. But do this sparingly since you're requiring the reader to remember 
all that new stuff. And remember to actually define the meanings of new 
variables, terms, or notations; don't just start using them! 

Structure long proofs. Long programs are usually broken into a hierarchy of smaller 
procedures. Long proofs are much the same. Facts needed in your proof that 

are easily stated, but not readily proved are best pulled out and proved in pre- 
liminary lemmas. Also, if you are repeating essentially the same argument 
over and over, try to capture that argument in a general lemma, which you 
can cite repeatedly instead. 

Be wary of the "obvious". When familiar or truly obvious facts are needed in a 
proof, it's OK to label them as such and to not prove them. But remember 
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that what's obvious to you, may not be — and typically is not — obvious to 
your reader. 

Most especially, don't use phrases like "clearly" or "obviously" in an attempt 
to bully the reader into accepting something you're having trouble proving. 
Also, go on the alert whenever you see one of these phrases in someone else's 
proof. 

Finish. At some point in a proof, you'll have established all the essential facts 
you need. Resist the temptation to quit and leave the reader to draw the 
"obvious" conclusion. Instead, tie everything together yourself and explain 
why the original claim follows. 

The analogy between good proofs and good programs extends beyond structure. 
The same rigorous thinking needed for proofs is essential in the design of criti- 
cal computer systems. When algorithms and protocols only "mostly work" due 
to reUance on hand-waving arguments, the results can range from problematic to 
catastrophic. An early example was the Therac 25, a machine that provided radia- 
tion therapy to cancer victims, but occasionally killed them with massive overdoses 
due to a software race condition. A more recent (August 2004) example involved a 
single faulty command to a computer system used by United and American AirUnes 
that grounded the entire fleet of both companies — and all their passengers ! 

It is a certainty that we'll all one day be at the mercy of critical computer systems 
designed by you and your classmates. So we really hope that you'll develop the 
ability to formulate rock-soUd logical arguments that a system actually does what 
you think it does ! 
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